For years, automakers have known about attacks that spoof automobile key-fobs to give attackers remote access to a vehicle. Until recently, this was a difficult procedure that required precise timing and the ability to broadcast on a large spectrum to block the transmitter in the key-fob. Lately, a group of Chinese researchers has developed a low-cost method that is completely automated and uses off-the-shelf hardware.
The group of researchers from Beijing was able to pull off the replay attack using a total of $22 in hardware. This is significantly cheaper than previous versions, and allows the attacker to be over 1,000 ft away from the target vehicle.
The replay attack tricks the vehicle and key-fob into thinking they are within close proximity to each other. One attacker holds the first device near the vehicle, while the other attacker holds the second device near the key-fob. The device near the car spoofs a signal from the key. That elicits a radio signal from the car’s keyless entry system, which seeks a certain signal back from the key before it will open. Rather than try to crack that radio code, the hackers’ devices instead copy it, then transmit it via radio from one of the hackers’ devices to the other, and then to the key. Then they immediately transmit the key’s response back along the chain, effectively telling the car that the key is in the driver’s hand.
“The attack uses the two devices to extend the effective range of the key fob,” says Jun Li, one of the researchers in the Qihoo group, who call themselves Team Unicorn. “You’re working in your office or shopping in the supermarket, and your car is parked outside. Someone slips near you and then someone else can open up and drive your car. It’s simple.”
These techniques have been available to crooks since 2011, but they were relatively expensive and difficult to perform using a pair of software-defined radios. With the advancements made by the Chinese research team, this technique can now be implemented by almost anyone.
So what can you do to protect yourself and your vehicle?
- First off, store your key-fob in the microwave. Your microwave acts as a Faraday cage and prevents radio frequencies from entering or escaping. Without RF access to the key-fob, attackers will be unable to perform the replay attack. Just remember to take your keys out before you use the microwave!
- Install a GPS tracking device in your vehicle. If the crook gains access to your vehicle and drives off, you can work directly with law enforcement to recover the vehicle. GPS trackers are available from LoneStar Tracking for a very low price and can be installed in under 30 seconds.
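
The two-device attack described above and the effect of shielding the key-fob, as an added toy model (not code from the researchers or from any vehicle): the car verifies a correct answer to its challenge, which proves the key answered but not that it is nearby. The HMAC challenge-response, the 2 m range, and positions measured in metres along a line are assumptions made for illustration, not the actual keyless-entry protocol.

```python
import hashlib
import hmac
import os

RANGE_M = 2.0  # assumed radio range of the car's challenge (illustrative value)

class Fob:
    def __init__(self, secret, position_m, shielded=False):
        self.secret, self.position_m, self.shielded = secret, position_m, shielded

    def hear(self, challenge, sender_position_m):
        """Answer only if unshielded and the transmitter is within range."""
        if self.shielded or abs(self.position_m - sender_position_m) > RANGE_M:
            return None
        return hmac.new(self.secret, challenge, hashlib.sha256).digest()

class Car:
    def __init__(self, secret, position_m=0.0):
        self.secret, self.position_m = secret, position_m

    def verify(self, challenge, response):
        """Checks the key's answer; nothing here measures how far away it is."""
        if response is None:
            return False
        expected = hmac.new(self.secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def try_unlock(car, fob, forwarders_m=None):
    """forwarders_m: positions (near_car, near_fob) of two forwarding devices."""
    challenge = os.urandom(16)
    if forwarders_m is None:
        response = fob.hear(challenge, car.position_m)
    else:
        near_car, near_fob = forwarders_m
        in_reach = abs(near_car - car.position_m) <= RANGE_M
        # Bytes are forwarded unmodified; the secret is never learned.
        response = fob.hear(challenge, near_fob) if in_reach else None
    return car.verify(challenge, response)

def demo():
    secret = os.urandom(32)  # constructed shared key
    car = Car(secret)
    far, cage = Fob(secret, 300.0), Fob(secret, 300.0, shielded=True)
    return {
        "owner_at_door": try_unlock(car, Fob(secret, 1.0)),
        "owner_far_away": try_unlock(car, far),
        "far_with_forwarders": try_unlock(car, far, (1.0, 299.0)),
        "shielded_with_forwarders": try_unlock(car, cage, (1.0, 299.0)),
    }
```

Calling `demo()` shows that the distant key unlocks the car only when the signal is forwarded, and that the shielded key never answers at all.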